There’s an update to an insider data breach previously announced in January 2025. Yesterday’s announcement brings the new total affected to almost 95,000 people. April 30, 2025. AUSTIN – The Texas Health and Human Services Commission is notifying an additional 33,529 recipients of agency services and other affected individuals that their protected health, personal identifying…
Category: Health Data
HHS OCR Settles HIPAA Ransomware Cybersecurity Investigation with Comprehensive Neurology, PC
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Comprehensive Neurology, PC (Comprehensive), a small New York neurology practice, concerning a potential violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The settlement resolves an OCR investigation of a ransomware…
Several more lawsuits filed against Frederick Health Hospital related to data breach, cybersecurity failures
Gabrielle Lewis reports: Four class action lawsuits alleging Frederick Health Hospital failed to protect patients’ sensitive data during a ransomware attack in January were filed this month. These lawsuits accuse FHH of having inadequate cybersecurity measures, neglecting its obligation to protect patient data, improperly notifying the people affected by the data breach and putting individuals…
No need to hack when it’s leaking (CORRECTED)
Please note the correction at the bottom of this post. Researcher Jeremiah Fowler recently discovered an unsecured database with protected health information (PHI) that appeared to be linked to Atrium Health in North Carolina. As reported at WebsitePlanet, there were 21,344 records with a total size of 6.99 GB. The database appeared to be an…
HHS Office for Civil Rights Settles Phishing Attack Breach with Health Care Network for $600,000
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with PIH Health, Inc. (PIH), a California health care network, over potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The violations stem from a phishing attack that exposed unsecured electronic protected health…
Blue Shield of California shared the health data of 4.7 million people with Google for years
Jonathan Greig reports: The sensitive healthcare information of millions in the U.S. has been leaked through data breaches that multiple insurance companies, clinics, hospitals and more reported recently. The largest involves Blue Shield of California, which informed the U.S. Department of Health and Human Services (HHS) of an incident impacting 4.7 million people. In breach notification…